Tag: OMS

Have you checked the update management system for your Azure and on-premises servers? It supports both Windows and Linux operating systems, and it is completely free! Please find the full list of supported operating systems and prerequisites here: https://docs.microsoft.com/en-us/azure/operations-management-suite/oms-solution-update-management#prerequisites.

Let's get started. The easiest way is to start from an Azure VM. Go to the VMs blade and find “Update management”. You will see a notification that the solution is not enabled.

Click the notification and the “Update Management” blade will open. “Update Management” is an OMS solution, so you will need a “Log Analytics” workspace; you can use the Free tier. If you don’t have a Log Analytics workspace, the wizard will create a default one for you. It will also create an Automation Account. Pressing Enable will enable the “Update Management” solution.

After about 15 minutes, at the “Update Management” section of the VM you will see the report of the VM’s updates.

After that process the Automation Account is created and we can browse to the “Automation Accounts” service in the Azure Portal. There, click the newly created Automation Account and scroll to the “Update Management” section. There we can see a full report of all VMs that we add to the Update Management solution. To add more Azure VMs simply click the “Add Azure VM” button.

The Virtual Machines blade will open and will list all Virtual Machines at the tenant. Select each VM and press Enable.

After all required VMs are added to the Update Management solution, click the “Schedule update deployment” button. There we select the OS type of the deployment, the list of computers to update, which types of updates to deploy and the schedule. More or less this is something familiar for anyone who has worked with WSUS.

Press the “Computers to Update” to select the Azure VMs for this deployment from the list of all VMs enabled.

Then select which types of updates to deploy.

If you want to exclude any specific update you can add the KB number at the “Excluded updates” blade.

And finally select the schedule on which the update deployment will run.

Back to the “Update Management” blade, as we already said, we have a complete update monitoring of all Virtual Machines that are part of the “Update Management” solution.

You can also go to the “Log Analytics” workspace and open the “OMS Portal”.

There, among others, you will see the newly added “System Update Assessment” solution and have full monitoring and reporting of the updates of your whole environment.
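The same assessment can be pulled from the workspace with a script, which is handy for alerting or regular reporting. The following is an added example, not part of the original post: it assumes the current Az PowerShell module, a workspace that uses the Kusto-based query language, and the `Update` table that the Update Management solution writes to. The resource group and workspace names are placeholders, and the query is limited to Windows machines.

```powershell
# Added example: list Windows machines with missing critical or security updates.
# Assumes Connect-AzAccount has been run and Az.OperationalInsights is installed.
# Resource group and workspace names are placeholders.
$rg        = '<resource-group>'
$workspace = Get-AzOperationalInsightsWorkspace -ResourceGroupName $rg -Name '<workspace-name>'

# Keep the latest record per computer and update, then count the updates
# that are still needed and classified as critical or security.
$query = @'
Update
| where TimeGenerated > ago(1d) and OSType != "Linux"
| summarize arg_max(TimeGenerated, *) by Computer, UpdateID
| where UpdateState =~ "Needed"
| where Classification has "Critical" or Classification has "Security"
| summarize MissingUpdates = count(), KBs = make_set(KBID) by Computer
| order by MissingUpdates desc
'@

$result = Invoke-AzOperationalInsightsQuery -WorkspaceId $workspace.CustomerId -Query $query
$result.Results | Format-Table Computer, MissingUpdates, KBs -AutoSize
```

A machine that is enabled for the solution but never appears in the `Update` table is worth checking separately, since it may not be reporting at all.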

In this series of posts we will walk through the Azure Security Center to see some common usage scenarios, such as how we can use it to protect anything from a single Virtual Machine to a whole Data Center.

To make it easier to understand we will start with a typical Azure IaaS scenario: a Virtual Machine with the IIS role acting as a Web Server. The steps to create the VM are out of this post’s scope, so I will simply describe the process. First we create a Windows Server 2016 Virtual Machine. Second we log in and add the Web Server (IIS) role. Third we open port 80 at the VM’s Network Security Group (NSG) and voila, we can browse to the Azure DNS name of the VM and see the IIS default landing page.

At this point the security of the Web Server relies on the Network Security Rule, a layer 3 firewall that allows access to port 80, and of course the Windows Firewall that does exactly the same.

Let's browse to the Azure Security Center from the Azure Portal. There we see an overview of security settings for the whole subscription.

First, click the “Compute”. I will skip the overview and go directly to the “VMs and computers” tab. There we see the name of the VM and the five points of interest. Our VM is not monitored, it doesn’t have endpoint protection and it reports some vulnerabilities.

Recommendation: Enable data collection for subscriptions

To start resolving the issues click the VM to go to the Recommendations blade. The first recommendation says to enable data collection for the subscription. Of course this is the Log Analytics, OMS (Operations Management Suite) integration. This will enable the subscription resources to report to log analytics.

Press the “Enable data collection for subscription”. The Data Collection blade will open. There we can enable or disable the automatic provision of the monitoring agent. This is the Microsoft Monitoring Agent that connects a Virtual Machine to Log Analytics and also we can use it for connecting to SCOM.

The second option is to choose a workspace. If you have already created an OMS workspace you can choose it. If not, let it create a new one automatically. Finally press Save.

Returning to the previous blade you will see that the “Turn on data collection” recommendation is now in Resolved state.

Although this recommendation is resolved instantly, the Microsoft Monitoring Agent is not yet installed. Go back to the Compute / Data collection installation status to see the agent installation status.

Stay tuned for the next Azure Security Center post to resolve more recommendations.

Azure Backup Reports

A new feature is in public preview, the Azure Backup Reports. Now we can have the Azure Backup Reports at the OMS Workspace, Event Hub and Power BI. You can use Power BI to view the report dashboard, download reports and create custom reports.

The configuration has two steps, one to configure the Azure Backup Reports connection with each service and the other is to get the data at each service.

First go to a Recovery Services vault and select Backup Reports. Next press the Configure button.

The Diagnostic settings blade will open. Change the Status to “On” and select the desired services to collect the Azure Backup Logs.

For the Power BI integration we need a Storage account. So check the “Archive to storage account” option and select a storage account. The storage account must be in the same region as the Azure Backup account.

To integrate with OMS check the “Send to Log Analytics” option and select an OMS Workspace.

Another option is to stream the Azure Backup logs to an event hub. To configure it check the “Stream to an event hub” option and select the event hub namespace and policy name.

At the bottom part of the configuration blade select the Logs that you want to get. The retention days option is only for the Storage Account configuration.

Press Save and return to the Backup reports blade. Now press “Sign in” to connect to Power BI and configure the service.

At the lower left corner of the Power BI Portal press “Get Data”.

At the AppSource press the “Get” button under the Services.

Search for and select “Azure Backup”.

At the connect to Azure Backup page enter the Storage Account name. This is the storage account that we selected at the Azure Backup Reports configuration.

Press next and Save. Now the Azure Backup workspace is ready. Be patient, it needs time to start reporting data.

If you go back to the Azure Portal, the Backup Reports blade has changed and it only has the option to connect to your Power BI dashboard.

If you browse to your Power BI dashboard, you can view the Azure Backup Reports Workspace.

For the OMS integration, you only need to go to the Log Search and query Category="AzureBackupReport" and you will have all the Azure Backup Report logs. Following the OMS logic you can create a custom View; you can follow this post: Azure Log Analytics
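The Diagnostic settings step described above can also be scripted, which makes it repeatable across vaults and lets you enforce the region requirement before anything is changed. This is an added example, not part of the original post: it assumes the current Az PowerShell module (Az.Monitor with `New-AzDiagnosticSetting`), and every resource name, including the setting name `backup-reports`, is a placeholder.

```powershell
# Added example: script the Backup Reports diagnostic setting.
# Assumes Connect-AzAccount has been run and Az.RecoveryServices, Az.Storage,
# Az.OperationalInsights and Az.Monitor are installed. All names are placeholders.
$rg      = '<resource-group>'
$vault   = Get-AzRecoveryServicesVault -ResourceGroupName $rg -Name '<vault-name>'
$storage = Get-AzStorageAccount -ResourceGroupName $rg -Name '<storageaccountname>'
$ws      = Get-AzOperationalInsightsWorkspace -ResourceGroupName $rg -Name '<workspace-name>'

# The post's constraint: the storage account must be in the vault's region.
# Normalise "West Europe" and "westeurope" to the same form before comparing.
function Get-NormalizedRegion([string]$Location) {
    ($Location -replace '\s', '').ToLowerInvariant()
}
if ((Get-NormalizedRegion $storage.Location) -ne (Get-NormalizedRegion $vault.Location)) {
    throw "Storage account is in '$($storage.Location)' but the vault is in '$($vault.Location)'."
}

# Send only the AzureBackupReport log category, to both destinations.
$log = New-AzDiagnosticSettingLogSettingsObject -Enabled $true -Category 'AzureBackupReport'
New-AzDiagnosticSetting -Name 'backup-reports' -ResourceId $vault.ID `
    -Log $log -StorageAccountId $storage.Id -WorkspaceId $ws.ResourceId

# Read the setting back to confirm what is enabled and where it is sent.
Get-AzDiagnosticSetting -ResourceId $vault.ID |
    Select-Object Name, StorageAccountId, WorkspaceId
```

Backup logs reveal which machines and workloads are protected, so the storage account and workspace that receive them should be access-controlled as tightly as the vault itself.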